Data Protection and Privacy Policy for Acqui AI, Inc

Effective Date: 5th February 2025

1. 1. Introduction

   This Data Protection and Privacy Policy outlines how Acqui AI, Inc. ("we," "our," or "us") collects, uses, discloses, and protects your personal information when you use Acqui.ai ("Service"). This policy also addresses your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR). By using the Service, you agree to the collection and use of your personal information as described in this policy.

2. 2. Information We Collect

   We may collect the following types of personal information from users of our Service:

   1. 2.1 Personal Identification Information

      • Name
      • Email address
      • Account credentials (username and password)
      • Payment details (if applicable)

   2. 2.2 Usage Data

      We may collect information on how the Service is accessed and used, including:

      • IP address
      • Browser type
      • Operating system
      • Device information
      • Pages visited and time spent on the Service
      • Referring website

   3. 2.3 User Content

      The Service processes content you submit for review (e.g., assignment texts and other related materials). This content is not used for any purpose other than delivering the Service.

3. 3. How We Use Your Information

   We may use the personal information collected from you for the following purposes:

   • To provide, maintain, and improve the Service.
   • To process payments and manage subscriptions.
   • To communicate with you regarding your account or the Service.
   • To prevent fraud and ensure the security of the Service.
   • To comply with legal obligations and enforce our terms of use.
   • For analytics to improve user experience and optimize performance.

4. 4. Legal Bases for Processing (GDPR Compliance)

   Under the General Data Protection Regulation (GDPR), we rely on several legal bases to collect and process your personal information, including:

   • Performance of a Contract: When we need your data to provide the Service, process payments, or respond to inquiries.
   • Consent: When you provide explicit consent for specific processing purposes, such as subscribing to newsletters or marketing.
   • Legitimate Interests: When the processing is necessary for our legitimate business interests, such as improving the Service, provided that your privacy rights are not overridden.
   • Legal Obligations: When we are required by law to collect and process your information, such as for tax purposes or regulatory compliance.

5. 5. Data Retention

   We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. The retention period for user content, such as assignments, may vary based on your usage of the Service but will not exceed the period necessary for Service delivery.

6. 6. How We Share Your Information

   We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

   1. 6.1 Third-Party Processors

      We may use third-party processors, including but not limited to OpenAI, to process personal information on our behalf. These third parties are contractually obligated to safeguard your personal information and use it only for the purposes specified in this policy.

   2. 6.2 Legal Requirements

      We may disclose your personal information if required by law or if we believe such action is necessary to:

      • Comply with legal obligations.
      • Protect and defend our rights or property.
      • Investigate or prevent potential wrongdoing in connection with the Service.
      • Protect the personal safety of users or the public.

7. 7. International Data Transfers

   As the Service may be hosted in the USA or other countries, your personal information may be transferred to and processed in jurisdictions outside of your country of residence. Some countries may not have the same data protection laws as your country. We will ensure that any such transfers comply with applicable legal requirements, including GDPR safeguards such as Standard Contractual Clauses (SCCs).

8. 8. Your Rights Under GDPR

   If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:

   • Right of Access: You have the right to request access to the personal data we hold about you.
   • Right to Rectification: You can request correction of any inaccurate or incomplete data.
   • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to certain exceptions (see below).
   • Right to Restrict Processing You can ask us to restrict the processing of your data under certain conditions.
   • Right to Data Portability: You can request a copy of your data in a machine-readable format.
   • Right to Object: You can object to our processing of your data based on legitimate interests, direct marketing, or profiling.

   To exercise these rights, please contact us at https://acqui.ai/contact. We will respond within the timelines set by GDPR (typically within 30 days).

9. 9. Exceptions to GDPR Rights

   While you have the right to request the erasure or restriction of your personal data, there are some exceptions under GDPR where we may refuse these requests, including:

   • When the data is necessary for compliance with legal obligations (e.g., financial record-keeping, tax filings).
   • When the data is required for the establishment, exercise, or defence of legal claims.
   • When erasing the data would infringe upon the freedom of expression or information.

10. 10. Security of Your Information

    We take appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or alteration. These measures include encryption, secure data storage, and restricted access to personal data. However, no system is 100% secure, and we cannot guarantee absolute security.

11. 11. Children's Privacy

    Our Service is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children. If you believe that we have inadvertently collected personal data from a child under 13, please contact us at https://acqui.ai/contact so that we can delete such information.

12. 12. Changes to This Policy

    We may update this Data Protection and Privacy Policy from time to time. Any changes will be posted on our website, and we will notify users by email or other means where appropriate. By continuing to use the Service after the changes have been posted, you agree to the updated policy.

13. 13. Changes to This Policy

    We may modify this AUP at any time. Any changes will be posted on our website and communicated to users via email or other methods. Continued use of the Service following the changes constitutes acceptance of the updated policy.

14. 14. Contact Us

    If you have any questions or concerns regarding this policy, or if you wish to exercise your GDPR rights, please contact us at https://acqui.ai/contact